CVE-2016-6255
Publication date 7 March 2017
Last updated 25 August 2025
Ubuntu priority
Description
Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.
From the Ubuntu Security Team
Matthew Garrett discovered that libupnp mishandled POST requests by default. An attacker could use this vulnerability to write files to arbitrary locations in the victim's filesystem, possibly as root.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| libupnp | 22.04 LTS jammy | Not in release |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Fixed 1:1.6.19+git20160116-1ubuntu0.1~esm1
|
|
| 14.04 LTS trusty |
Fixed 1:1.6.17-1.2+deb7u1build0.14.04.1
|
|
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu Pro 30-day free trialSeverity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.5 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-4794-1
- libupnp vulnerabilities
- 15 March 2021